Authentication against active directory

Jon Delano - 22 Jul 2004 21:49 GMT
Hello

I am developing an ASP.NET site (using VB).
I found some code that allows me to authenticate the user trying to access
the site against the active directory server for the company.

What is happening is some users authenticate and others do not ... but they
are all a part of the domain.
The web server the site is running on is part of the domain (else no user
would authenticate)

Here is the code I use to authenticate the users :

       ' use the OLEDB provider to access the ADS Object, this allows for simple SQL Query for the user.
       Dim cn As New OleDb.OleDbConnection("provider=ADsDSOObject;User ID=" _
           & txtUserName.Text & ";Password=" & txtPassword.Text)
       Dim cmd As New OleDb.OleDbCommand("Select GivenName, sn from 'LDAP://[domain is here]' where samAccountName='" _
           & txtUserName.Text & "'", cn)
       Dim dtrdr As OleDb.OleDbDataReader

       Try
           cn.Open()

           dtrdr = cmd.ExecuteReader
           If dtrdr.Read = True Then
               ' user authenticated against active directory
               Session.Add("UserFirstName", dtrdr("GivenName"))
               Session.Add("UserLastName", dtrdr("sn"))
               UserIsPhysician()

               If Session("PhysicianID") = -1 Then Exit Sub

               Server.Transfer("patientlist.aspx")
           Else
               Label1.Text = "Unable to access user data."
           End If
           dtrdr.Close()

       Catch ex As Exception
           Dim exMsg As String
           If InStr(ex.Message, "PERMISSION") > 0 Then
               exMsg = ""
           Else
               exMsg = ex.Message
           End If
           Label1.Text = "Invalid Username or Password. " & exMsg
       End Try

       cmd = Nothing
       dtrdr = Nothing
       cn.Close()
       cn = Nothing

I can't understand why some users will work fine and others just won't.

If anyone can offer any ideas ... it would be greatly appreciated.

Thank you
Jon

Joe Kaplan (MVP - ADSI) - 25 Jul 2004 00:33 GMT
Have you considered using the classes in System.DirectoryServices for
accessing AD in .NET?  It is much more straightforward.

Generally, when people authenticate users to AD using LDAP, they will do a
bind to AD using the DirectoryEntry class.  The code might look like this:

       'Imports System.DirectoryServices
       'Imports System.Runtime.InteropServices
       'Imports System.Globalization

       Public Function AuthenticateUser(ByVal userName As String, ByVal password As String, _
               ByVal domain As String, ByVal server As String) As Boolean

           If userName Is Nothing OrElse userName.Length = 0 Then Throw New ArgumentNullException("userName")
           If password Is Nothing OrElse password.Length = 0 Then Throw New ArgumentNullException("password")
           If domain Is Nothing OrElse domain.Length = 0 Then Throw New ArgumentNullException("domain")
           If server Is Nothing OrElse server.Length = 0 Then Throw New ArgumentNullException("server")

           Dim ntLogonName As String
           Dim entry As DirectoryEntry

           ntLogonName = String.Format(CultureInfo.InvariantCulture, "{0}\{1}", domain, userName)

           entry = New DirectoryEntry( _
               String.Format( _
                  CultureInfo.InvariantCulture, _
                  "LDAP://{0}/rootDSE", server), _
                  ntLogonName, _
                  password, _
                  AuthenticationTypes.Secure _
                  )

           Try
               Dim bindTest As Object
               bindTest = entry.NativeObject 'this forces the bind to AD
               Return True

           Catch ex As COMException
               If ex.ErrorCode = &H8007052E Then 'COM error code for "Bad username or password"
                   Return False
               Else
                   Throw 'if the problem wasn't bad credentials, then there is something else wrong here
               End If
           Finally
               entry.Dispose()
           End Try

       End Function

You need to add a reference to System.DirectoryServices as well.

The DirectorySearcher class is also much more straightforward to use for
searching AD.

HTH,

Joe K.
> Hello
>
[quoted text clipped - 57 lines]
> Thank you
> Jon
